package com.i2works.smartluolong.utils.shiro.filter;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.apache.shiro.web.util.WebUtils;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

/**
 * 权限验证过滤器，细粒度到方法（基于目录判断）
 *
 * @author koal
 * @className ResourceCheckFilter
 * @email koal@vip.qq.com
 * @date 2016/1/10 23:35
 */

public class ResourceCheckFilter extends AccessControlFilter {

    /**
     * 是否验证成功，返回true成功，返回false就会执行onAccessDenied
     */
    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
        Subject subject = this.getSubject(request, response);
        String url = getPathWithinApplication(request);
        return subject.isPermitted(url);
    }

    /**
     * 验证失败后执行
     */
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        WebUtils.issueRedirect(request, response, "/error/authc.html");
        return false;
    }


}
